Attorney Docket No.: 035967-023 

Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the application: 



1 . (Currently Amended) An apparatus for managing access for an extranet, comprising: 
a plurality of domain web server, to which a plurality of users are subscribed, 
an authentication and authorization ( AA) server for managing access authentication and 

authorization for the domain web server, 
an authority information storing module for storing authentication information and 

authorization information of the users , and 
a user web browser interconnected with the AA server and the domain web server, 
wherein the AA server comprises.: 

an AA module for authenticating the users and setting Role values in an AA cookie of 

the authenticated user; playing a rol e of auth e ntication and authorization; 
an access control list ( ACL) cache control module for synchronizing ACL caches of the 
respective domain web server with the AA server; an encryption module for 
encrypting the AA cookies to be given to each the users; and 
a schema provider and user provider for providing an operation system independent of 
the authority information storing module, 
wherein the domain web server comprises: 

an ACL cache which is delivered from the AA server; 

an AA module for checking, by using the ACL cache, whether the user has authority to 

access a requested resource acc e ss e s ; 
an ACL cach e which is d e liv e r e d from th e AA s e rv e r; 
a decryption module for decrypting the encrypted AA cookies; and 
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a module for processing a resource request from the user web browser, 

wherein the domain web server is configured to extract the Role values from the AA cookie 
of the user, extracts an access control entry (ACE) of the requested resource from the 
ACL cache, and grant an access authority to the user if the ACE of the requested 
resource exists in the extracted Role values. 

whoroin th e domain w e b s e rver ch e cks the user authority by using ACL information, 
resp e ctively, and produces th e encrypt e d Rol e information cooki e , this cookie signal 
b e ing auth e nticat e d in the AA s e rver 300, and, after authentication, Role, ACL, and 
ACE information is stored in th e authority information storing modul e . 

2. (Currently Amended) A method of managing access for an extranet, performed in the 
apparatus which comprises the elements in claim 1, the method comprising the steps of: 
an ACL initialization operation comprising: 

an AA module of a domain web server requesting the ACL cache control module of the 

AA server to synchronize an ACL; and 
the ACL cache control module referring the ACL from the authority information storing 
module and delivering the referred ACL data to the AA module of the domain web 
server; 

an authorizing operation in authentication comprising: 
a user web browser accessing the domain web server; 

the AA module of the domain web server confirming access authority of the user web 
browser; 

the user web browser requesting the authentication from an AA module of the AA 
server; 
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the AA module of the AA server referring a schema provider to the authority; 
the schema provider referring an authority information storing module to a site and 

delivering the referred result to a user provider; and 
the user provider referring the authority information storing module to the user authority 

to make authentication, setting Role values in an AA cookie of the authenticated 

user, and transmitting the AA cookie to the user web browser; and 
an authority referring operation comprising: 

a user web browser requesting a page (URL) access from the domain web server; 

the AA module of the domain web server checking whether the user has an authority to 

access the requested page by comparing the Role values in the AA cookie and 

ACEs of the ACL cache; and 
the resource request processing module processing the requested page (URL) and 

responses to the user web browser by sending a processed result. 
a us e r web brow se r acc e ssing a domain web s e rv e r, 

an AA modul e of th e domain w e b s e rver confirming acc e ss authority of th e us e r w e b 
brows e r, 

th e us e r w e b brows e r requ e sting th e auth e ntication from the AA module of th e AA serv e r, 

th e AA modul e of th e AA s e rv e r r e f e rring a schema provid e r to th e authority, 

th e sch e ma provid e r referring an authority information storing modul e to a sit e and 

d e liv e ring th e r e f e rr e d r e sult to a us e r provid e r, and 
th e us e r provid e r r e f e rring th e authority information storing modul e to th e user authority to 

mak e auth e ntication and s e t us e r authority, and transmitting th e information to th e us e r 

w e b brows e r. 
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3. (Currently Amended) The method of claim 2, farther comprising a user authority changing 
step comprising: 

if the user web browser requests the service enlisting or quitting, the resource request 

processing module of the domain web server requesting the AA module of the AA 

server to enlisting/quitting, 
the AA module of the AA server changing the user authority information and sending the 

information to the user provider, 
the user provider updating the user information by sending the changed information to the 

authority information storing module, 
the AA module of the AA server reporting to the resource request processing module that 

the user information was changed, such that the user is informed that the 

enlisting/quitting process is completed. 

4. (Currently Amended) The method of claim 2, further comprising: 

an ACL initialization step comprising: th e AA modul e of the domain w e b serv e r r e questing 
th e ACL cache control modul e of the AA s e rver to the ACL cache; and th e ACL cache 
control modulo ref e rring th e ACL cach e from th e authority information storing modul e 
and deliv e ring th e r e f e rr e d data to the AA modulo of th e domain web serv e r, and 

an ACL synchronization operation step comprising: 

a supervisor instructing the ACL cache control module of the AA server to change the 
authority; and 

the ACL cache control module requesting the authority information storing module to 
AGfc change the ACL, and the ACL cache of the domain web server to synchronize 
the ACL cache synchronization . 
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